dovecot - Feb 2014 - Dovecot upgrade 1 to 2 on Debian Squeeze : broken /var/run/dovecot

Hi,

 I just upgraded from version 1 to version on Debian Squeeze using their
backports.

Like I expected my dovecot1 config had to be converted using doveconf and this I
did.

However, I see problems with files inside directory:
drwxr-xr-x 4 dovenull root 4096 Feb 25 20:35 /var/run/dovecot

All of them were created owned by root:root rw.

I tried to changed, for example :
chown postfix:dovecot /var/run/dovecot/auth-master
but noticed when I restarted dovecot it reset the permissions back to root:root
rw.

Here's the version:
# dovecot --version
2.1.7

Here's my slightly redacted conf.
# grep -v ^# dovecot.conf|grep -v ^$
auth_mechanisms = plain login
auth_verbose = yes
dict {
  quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf
}
disable_plaintext_auth = no
first_valid_uid = 106
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/var/xx/%d/%u/
mail_plugins = quota
mail_privileged_group = mail
maildir_very_dirty_syncs = yes
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
plugin {
  quota_rule = *:storage=262144:messages=20000
  quota_rule2 = Trash:storage=282144:messages=23000
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
  user = root
}
service imap-login {
  chroot = login
  inet_listener imap {
    address = 127.0.0.1
    port = 3993
  }
  inet_listener imaps {
    address = *
    port = 993
  }
  process_limit = 256
  process_min_avail = 24
  service_count = 1
  vsz_limit = 48 M
}
service pop3-login {
  chroot = login
  process_limit = 256
  process_min_avail = 24
  service_count = 1
  vsz_limit = 48 M
}
ssl = required
ssl_ca = </etc/ssl/certs/xxx.combined_for_dovecot.pem
ssl_cert = </etc/ssl/private/xx.xx.xx.crt
ssl_cipher_list = TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH
ssl_key = </etc/ssl/private/xx.xx.xx.key
ssl_verify_client_cert = yes
userdb {
  args = uid=5000 gid=5000 home=/var/xx/%d/%u allow_all_users=yes
  driver = static
}
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
valid_chroot_dirs = /var/xx
protocol imap {
  mail_max_userip_connections = 96
  mail_plugins = quota imap_quota
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  log_path   mail_plugins = sieve quota
  postmaster_address = xxxx at xxxxx
}


I really don't understand how I should make this work, and the after I read
the docs on dovecot.org and googled I realised I was really lost getting this
back up and runing :(

I should be really grateful if somebody would give me some advice.

Thanks, 
Soph'

Hi,

Just noticed 

mode = 0666

should be set for auth-userdb

however I see its not set in my converted dovecot.conf and think I should set
this in the conf.d/10-master.conf, but I don't know which permissions should
be secure and if secure permissions, then how should postfix interact with this
or deliver to mail stores that are owned by xxx ?

--------------------------------------------
On Tue, 25/2/14, Si L <sloewent at yahoo.com> wrote:

 Subject: [Dovecot] Dovecot upgrade 1 to 2 on Debian Squeeze : broken
/var/run/dovecot
 To: dovecot at dovecot.org
 Date: Tuesday, 25 February, 2014, 16:44
 
 Hi,
 
  I just upgraded from version 1 to version on Debian Squeeze
 using their backports.
 
 Like I expected my dovecot1 config had to be converted using
 doveconf and this I did.
 
 However, I see problems with files inside directory:
 drwxr-xr-x 4 dovenull root 4096 Feb 25 20:35
 /var/run/dovecot
 
 All of them were created owned by root:root rw.
 
 I tried to changed, for example :
 chown postfix:dovecot /var/run/dovecot/auth-master
 but noticed when I restarted dovecot it reset the
 permissions back to root:root rw.
 
 Here's the version:
 # dovecot --version
 2.1.7
 
 Here's my slightly redacted conf.
 # grep -v ^# dovecot.conf|grep -v ^$
 auth_mechanisms = plain login
 auth_verbose = yes
 dict {
 ? quotadict  mysql:/etc/dovecot/dovecot-dict-quota.conf
 }
 disable_plaintext_auth = no
 first_valid_uid = 106
 log_timestamp = "%Y-%m-%d %H:%M:%S "
 mail_location = maildir:/var/xx/%d/%u/
 mail_plugins = quota
 mail_privileged_group = mail
 maildir_very_dirty_syncs = yes
 passdb {
 ? args = /etc/dovecot/dovecot-mysql.conf
 ? driver = sql
 }
 plugin {
 ? quota_rule = *:storage=262144:messages=20000
 ? quota_rule2 = Trash:storage=282144:messages=23000
 }
 service auth {
 ? unix_listener /var/spool/postfix/private/auth {
 ? ? group = postfix
 ? ? mode = 0660
 ? ? user = postfix
 ? }
 ? unix_listener auth-master {
 ? ? mode = 0600
 ? ? user = vmail
 ? }
 ? user = root
 }
 service imap-login {
 ? chroot = login
 ? inet_listener imap {
 ? ? address = 127.0.0.1
 ? ? port = 3993
 ? }
 ? inet_listener imaps {
 ? ? address = *
 ? ? port = 993
 ? }
 ? process_limit = 256
 ? process_min_avail = 24
 ? service_count = 1
 ? vsz_limit = 48 M
 }
 service pop3-login {
 ? chroot = login
 ? process_limit = 256
 ? process_min_avail = 24
 ? service_count = 1
 ? vsz_limit = 48 M
 }
 ssl = required
 ssl_ca = </etc/ssl/certs/xxx.combined_for_dovecot.pem
 ssl_cert = </etc/ssl/private/xx.xx.xx.crt
 ssl_cipher_list  TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH
 ssl_key = </etc/ssl/private/xx.xx.xx.key
 ssl_verify_client_cert = yes
 userdb {
 ? args = uid=5000 gid=5000 home=/var/xx/%d/%u
 allow_all_users=yes
 ? driver = static
 }
 userdb {
 ? args = /etc/dovecot/dovecot-mysql.conf
 ? driver = sql
 }
 valid_chroot_dirs = /var/xx
 protocol imap {
 ? mail_max_userip_connections = 96
 ? mail_plugins = quota imap_quota
 }
 protocol pop3 {
 ? pop3_uidl_format = %08Xu%08Xv
 }
 protocol lda {
 ? auth_socket_path = /var/run/dovecot/auth-master
 ? log_path  ? mail_plugins = sieve quota
 ? postmaster_address = xxxx at xxxxx
 }
 
 
 I really don't understand how I should make this work, and
 the after I read the docs on dovecot.org and googled I
 realised I was really lost getting this back up and runing
 :(
 
 I should be really grateful if somebody would give me some
 advice.
 
 Thanks, 
 Soph'

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 25 Feb 2014, Si L wrote:

You've checked out http://wiki2.dovecot.org/Upgrading ?
> However, I see problems with files inside directory:
> drwxr-xr-x 4 dovenull root 4096 Feb 25 20:35 /var/run/dovecot
>
> Here's the version:
> # dovecot --version
> 2.1.7
Where is its conf? ;-)
> Here's my slightly redacted conf.
> # grep -v ^# dovecot.conf|grep -v ^$
if these settings below work for you, locate the "service XYZ" entries
in
the Dovecot v2 config and replace the values there. The syntax is the 
same, IMHO.
> service auth {
>  unix_listener /var/spool/postfix/private/auth {
>    group = postfix
>    mode = 0660
>    user = postfix
>  }
>  unix_listener auth-master {
>    mode = 0600
>    user = vmail
>  }
>  user = root
> }
> service imap-login {
>  chroot = login
>  inet_listener imap {
>    address = 127.0.0.1
>    port = 3993
>  }
>  inet_listener imaps {
>    address = *
>    port = 993
>  }
>  process_limit = 256
>  process_min_avail = 24
>  service_count = 1
>  vsz_limit = 48 M
> }
> service pop3-login {
>  chroot = login
>  process_limit = 256
>  process_min_avail = 24
>  service_count = 1
>  vsz_limit = 48 M
> }
- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUw2RgXD1/YhP6VMHAQLSLAf/WEcvWfBaJf6krNmxR/oktANGbAfILd1X
216GkKAreG9J00UlWtUndzHJ9fcvOBBO8ch/DUVVWgmpoUF4F/7JXm4gyrw0ZP0X
si1LMVzVXZPnX0qcSqUPW3tm40iF4oEUxh8CWVFORjeCtzFXPR2TmSHYCYYgu9YZ
VWHG5zsAugM/hGBfmuKtc0614S+0TbFEFe1RjFJUs05A+9tqKbbT2pC0u13UTXgz
jkm8mQEkrXiz+lXMwGNKbYtcLs3m4PSj4duAHt5H/eo8/gzOqRB6vZTzQtYDocUO
VeaeJ3i3yurD3U6KdVE3dLk5QmihZSg1ukoWYwRX79iGAeVxPX7zmw==21Jr
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 25 Feb 2014, Si L wrote:

You've checked out http://wiki2.dovecot.org/Upgrading ?
> However, I see problems with files inside directory:
> drwxr-xr-x 4 dovenull root 4096 Feb 25 20:35 /var/run/dovecot
>
> Here's the version:
> # dovecot --version
> 2.1.7
Where is its conf? ;-)
> Here's my slightly redacted conf.
> # grep -v ^# dovecot.conf|grep -v ^$
if these settings below work for you, locate the "service XYZ" entries
in
the Dovecot v2 config and replace the values there. The syntax is the 
same, IMHO.
> service auth {
>  unix_listener /var/spool/postfix/private/auth {
>    group = postfix
>    mode = 0660
>    user = postfix
>  }
>  unix_listener auth-master {
>    mode = 0600
>    user = vmail
>  }
>  user = root
> }
> service imap-login {
>  chroot = login
>  inet_listener imap {
>    address = 127.0.0.1
>    port = 3993
>  }
>  inet_listener imaps {
>    address = *
>    port = 993
>  }
>  process_limit = 256
>  process_min_avail = 24
>  service_count = 1
>  vsz_limit = 48 M
> }
> service pop3-login {
>  chroot = login
>  process_limit = 256
>  process_min_avail = 24
>  service_count = 1
>  vsz_limit = 48 M
> }
- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUw2RgXD1/YhP6VMHAQLSLAf/WEcvWfBaJf6krNmxR/oktANGbAfILd1X
216GkKAreG9J00UlWtUndzHJ9fcvOBBO8ch/DUVVWgmpoUF4F/7JXm4gyrw0ZP0X
si1LMVzVXZPnX0qcSqUPW3tm40iF4oEUxh8CWVFORjeCtzFXPR2TmSHYCYYgu9YZ
VWHG5zsAugM/hGBfmuKtc0614S+0TbFEFe1RjFJUs05A+9tqKbbT2pC0u13UTXgz
jkm8mQEkrXiz+lXMwGNKbYtcLs3m4PSj4duAHt5H/eo8/gzOqRB6vZTzQtYDocUO
VeaeJ3i3yurD3U6KdVE3dLk5QmihZSg1ukoWYwRX79iGAeVxPX7zmw==21Jr
-----END PGP SIGNATURE-----

On 2/25/2014 2:44 PM, Si L <sloewent at yahoo.com>
wrote:
> Here's my slightly redacted conf.
> # grep -v ^# dovecot.conf|grep -v ^$
Don't do that.

Please post output of doveconf -n...

-- 

Best regards,

Charles